Perl HTML::Template::Pro Module Cross Site Scripting Vulnerability

Bugtraq ID:	51117
Class:	Input Validation Error
CVE:	CVE-2011-4616
Remote:	Yes
Local:	No
Published:	Dec 19 2011 12:00AM
Updated:	Apr 13 2015 08:48PM
Credit:	Shigeki Morimoto
Vulnerable:	Igor Yu. Vlasenko HTML::Template::Pro 0.9506
Not Vulnerable:	Igor Yu. Vlasenko HTML::Template::Pro 0.9507

Perl HTML::Template::Pro Module Cross Site Scripting Vulnerability

The Perl HTML::Template::Pro module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Versions prior to HTML::Template::Pro 0.9507 are vulnerable.

Perl HTML::Template::Pro Module Cross Site Scripting Vulnerability

To exploit the issue, an attacker must entice an unsuspecting victim to follow a malicious URI.

Perl HTML::Template::Pro Module Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references for more information.

Perl HTML::Template::Pro Module Cross Site Scripting Vulnerability

References:

• HTML::Template::Pro Perl Module (Igor Yu. Vlasenko)
  
• Revision history for Perl extension HTML::Template::Pro (Igor Yu. Vlasenko)